Fix incorrect implementation of auditlog management #9002

Merged
merged 10 commits into from
Dec 12, 2023

Contributor

@kiblik kiblik commented Nov 15, 2023

During troubleshooting of unit tests in #8824, I found out that setting auditlog via System_Settings is not behaving correctly.
It is not possible to enable/disable auditlog dynamically in one of the running containers because it will have only a "local" effect.

Enabling/disabling has to be set before start (e.g. by environmental variable).

@kiblik kiblik changed the base branch from master to dev November 15, 2023 14:58
@github-actions github-actions bot added the New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR) and docs labels, and removed the apiv2 and helm labels Nov 15, 2023
@kiblik kiblik marked this pull request as ready for review November 15, 2023 19:25
dojo/views.py (outdated, resolved)

**Breaking Change**

Parameter `enable_auditlog` is not possible to set through System settings anymore. If you set this parameter or you need to set it to `False` (to disable audit logging), set environmental variable `DD_ENABLE_AUDITLOG` to `False`.
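
Review bot: the second sentence, "If you set this parameter or you need to set it to `False`", does not say which previous value is meant and the note never states the default of `DD_ENABLE_AUDITLOG`, so someone who had audit logging switched off in System settings cannot tell whether it stays off after the upgrade. Suggest stating the default explicitly and adding that the variable has to be set before start for every container that runs the application, since the PR description says a change made in one running container only has a local effect.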
Contributor

Another env var should be added to the docker-compose.yml file in all the containers run by the django image. This should do the trick:

```yaml
DD_ENABLE_AUDITLOG: ${DD_ENABLE_AUDITLOG:-False}
```

Contributor Author

@Maffooch, is this text which I should add to the mentioned file?

Contributor

Correct. Somewhere in the environment blocks for the uwsgi, celerybeat, celeryworker, and init containers.

Contributor Author

Done
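
A consistency check for the point made in this thread, that every container run from the django image needs the same `DD_ENABLE_AUDITLOG` value (added example, not code from this pull request or from DefectDojo). The JSON is a constructed sample assumed to follow the shape of `docker compose config --format json`; the image names, the `EXAMPLE_OTHER_VAR` key and the helper names are hypothetical:

```python
import json

# Services the review thread names as running from the django image.
DJANGO_SERVICES = ("uwsgi", "celerybeat", "celeryworker", "init")
VAR = "DD_ENABLE_AUDITLOG"

# Constructed sample (not from the PR); image names are placeholders.
SAMPLE = json.loads("""
{"services": {
  "uwsgi":        {"image": "example/django", "environment": {"DD_ENABLE_AUDITLOG": "False"}},
  "celerybeat":   {"image": "example/django", "environment": ["DD_ENABLE_AUDITLOG=False"]},
  "celeryworker": {"image": "example/django", "environment": {"EXAMPLE_OTHER_VAR": "1"}},
  "init":         {"image": "example/django", "environment": {"DD_ENABLE_AUDITLOG": "True"}},
  "nginx":        {"image": "example/nginx"}
}}
""")


def env_of(service):
    """Return a service's environment as a dict; compose allows map or list form."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        pairs = (item.partition("=") for item in env)
        env = {key: (value if sep else None) for key, sep, value in pairs}
    return {k: None if v is None else str(v) for k, v in env.items()}


def audit_flag_report(config, services=DJANGO_SERVICES, var=VAR):
    """Map each expected service to its flag value, or None when it is unset."""
    found = config.get("services", {})
    return {name: env_of(found.get(name, {})).get(var) for name in services}


def is_consistent(report):
    """True only when every service sets the flag and all values agree."""
    values = list(report.values())
    if not values or None in values:
        return False
    return len({v.strip().lower() for v in values}) == 1


if __name__ == "__main__":
    report = audit_flag_report(SAMPLE)
    for name, value in report.items():
        print(f"{name:13} {VAR}={'<unset>' if value is None else value}")
    print("consistent:", is_consistent(report))
```

On the sample, `celeryworker` is reported as unset and `init` disagrees with `uwsgi`, which is the split state the pull request is meant to rule out.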

dojo/models.py (outdated, resolved)
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

dryrunsecurity bot commented Nov 21, 2023

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the results in the section below for checks.

Status DryRun Security Check
AI-powered Sensitive Function Check
Configured Sensitive Files Check
AI-powered Sensitive Files Check

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@mtesauro mtesauro left a comment

Approved

@blakeaowens blakeaowens merged commit c58b85a into DefectDojo:dev Dec 12, 2023
119 of 121 checks passed
@kiblik kiblik deleted the move_enable_auditlog branch December 12, 2023 22:16
@kiblik kiblik mentioned this pull request Jan 11, 2024
1 task
Labels: docker, docs, New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR)
5 participants